Analysis
max time kernel: 33s
max time network: 152s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2023 08:26
Behavioral task: behavioral1
Sample: b8cb324149c343db7b97aa57a030ad9b.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: b8cb324149c343db7b97aa57a030ad9b.exe
Resource: win10v2004-20230221-en
General
Target: b8cb324149c343db7b97aa57a030ad9b.exe
Size: 321KB
MD5: b8cb324149c343db7b97aa57a030ad9b
SHA1: f1a8772d3709f8193c58893723f12b14ba0c6217
SHA256: 053c3cf58d6dbbd7d140277db2141a5f5e0ff73d6b00dfa84e965fb5ab425afa
SHA512: 50694988fd43f37beacefa42ac6850b11338c44be7f755492bef5b2dd1694a78e3118e7479690cd32cca4b82c87ee5e4ce9b69a637609f2de49f462dc7eae675
SSDEEP: 6144:Peny2oo7LEeU0SHN7rvRaLWI+PpOYx+k1Ul9sq4CydxrbA3r9u:P12N7geuhrvdPp2lqBdxg3Z
Malware Config
Signatures
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Processes:
resource    yara_rule
behavioral1/memory/1604-54-0x0000000001270000-0x00000000012C6000-memory.dmp    dcrat
behavioral1/memory/1604-55-0x000000001AE90000-0x000000001AF10000-memory.dmp    dcrat
Suspicious behavior: EnumeratesProcesses 9 IoCs
Processes: b8cb324149c343db7b97aa57a030ad9b.exe
pid    process
1604    b8cb324149c343db7b97aa57a030ad9b.exe
1604    b8cb324149c343db7b97aa57a030ad9b.exe
1604    b8cb324149c343db7b97aa57a030ad9b.exe
1604    b8cb324149c343db7b97aa57a030ad9b.exe
1604    b8cb324149c343db7b97aa57a030ad9b.exe
1604    b8cb324149c343db7b97aa57a030ad9b.exe
1604    b8cb324149c343db7b97aa57a030ad9b.exe
1604    b8cb324149c343db7b97aa57a030ad9b.exe
1604    b8cb324149c343db7b97aa57a030ad9b.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes: b8cb324149c343db7b97aa57a030ad9b.exe
description    pid    process
Token: SeDebugPrivilege    1604    b8cb324149c343db7b97aa57a030ad9b.exe